I have two Balance routers connected by a VPN. Each with local LANs and connected to distinct (and mutually unconnected) WANs:
WAN1 <------> B1 <==(VPN)==> B2 <------> WAN2
For purposes of illustration, assume that:
WAN1 devices have adresses 123.yyy.yyy.y
WAN2 devices have adresses 134.xxx.xxx.x
There are no routes between the 123 and 134 networks (except via the above VPN)
LAN1 (local to B1) devices have addresses 192.168.1.x
LAN2 (local to B2) devices have addresses 192.168.2.x
Assume that I want to access 134.xxx.xxx.10 on WAN2 from 192.168.1.5 on LAN1.
B1 has to route the packets across the VPN to B2, which then would send them on out to WAN2.
If the VPN is a PepVPN connection then I can do that with an outbound policy on B1: Enforce that all packets from LAN1devices to 134.xxx.xxx.x be routed via the (named) PepVPN connection to B2, which then sends them on their merry way to WAN2.
However, if the VPN is set up using IPsec instead of PepVPN I no longer have the option of identifying that connection as the outbound connection to use in the policy (the IPsec connection does not show up on the drop-down menu of connection options for the policy - only the WANs and the PepVPN connections are shown).
We have reason to set things up with IPSec rather than PepVPN.
How do we set up routing (or other) options to achieve this with IPsec?